
Routing from IPSec Dialup-User to a destination behind a PAT-IPSec

Hello friends,


there is an FGT80E, which was set up by someone who is not accessible anymore.


The WAN is connected to a DSL router as "exposed host" (meaning the WAN interface has a private IP).


We have an IPSec connection to a Cisco ASA which uses PAT (since they don't like our internal subnet).

The IPSec itself works just fine. In phase 2 they defined the local address and the remote address for the PAT.




Now they set up a VIP:   (I am not sure why they set it up?)

Interface:  <the IPSec interface>

External IP:

Mapped IP:  (from our internal LAN)


We have static routes over the IPSec interface to the remote PAT IP:


And we have a policy from LAN to this IPSec


<source local subnet>  to  <remote subnet>  ALWAYS ALL ACCEPT - NAT: dynamic IP pool <external range:> Internal ->  ARP reply enabled.



This seems to work fine from the LAN.


But now I would like our dialup users to connect through this tunnel as well as the internal users.

But this is just not happening ....



I am already thinking that the initial setup is not correct ... even though it works.


I am wondering if I can just put the local address as the interface address of the local IPSec interface and just enable NAT on the policies I am using to allow the traffic.



I hope this was somehow understandable .. ?


Thanks for your help!

